.. / CVE-2020-8512

Exploit for IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting (CVE-2020-8512)

Description:

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.

Nuclei Template

View the template here CVE-2020-8512.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-8512.yaml
Copy

References:

https://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html
https://twitter.com/sagaryadav8742/status/1275170967527006208
https://www.exploit-db.com/exploits/47988
https://nvd.nist.gov/vuln/detail/CVE-2020-8512
https://cxsecurity.com/issue/WLB-2020010205